This is an issue because RIAs are subject to external compliance auditing, usually though a 3rd party journaling target such as SMARSH or Proofpoint Archive.

For example, suppose an email addresses changes to @facebook.com, then that means all email protections that were in place by the company (such as encryption, AV, etc.) also bypasses the required any other journaling infrastructure that is required by law.

Questions

What are the exact circumstances that cause the default email address to change?

If the email address has changed, how does that affect liability?

If the email address changed on the mobile device, does it also change Outlook's default address (Exchange Server/OWA presumably as well)?

Does the scope of the SEC search or legal search now expand to a Facebook address as a result? (affecting privacy)